CLDSRV-872: store checksum in object metadata#6113
Closed
leif-scality wants to merge 8 commits intodevelopment/9.4from
Closed
CLDSRV-872: store checksum in object metadata#6113leif-scality wants to merge 8 commits intodevelopment/9.4from
leif-scality wants to merge 8 commits intodevelopment/9.4from
Conversation
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
| if (checksumedStream.stream.writableFinished) { | ||
| return doValidate(); | ||
| } | ||
| checksumedStream.stream.once('finish', doValidate); |
There was a problem hiding this comment.
In storeObject.js, when data.put completes and the callback fires, you listen for 'finish' on the ChecksumTransform if writableFinished is not yet true. However, if the ChecksumTransform's _flush fails (e.g. crc64nvme digest throws), the stream will emit 'error', not 'finish'. In that case, doValidate is never called, but the upgraded onStreamError handler will fire and clean up — so this is safe. Just noting there is no explicit timeout or fallback if neither 'finish' nor 'error' fires (e.g. stream stalls), but that would be a broader Node.js stream issue, not specific to this PR.
— Claude Code
| * error, dataRetrievalInfo, and completedHash (if any) | ||
| */ | ||
| function checkHashMatchMD5(stream, hashedStream, dataRetrievalInfo, log, cb) { | ||
| function checkHashMatchMD5(stream, hashedStream, dataRetrievalInfo, checksumStream, log, cb) { |
There was a problem hiding this comment.
The checkHashMatchMD5 JSDoc is missing the new checksumStream parameter. Minor, but the existing params are documented and this one is not.
— Claude Code
| ); | ||
| checksumedStream.on('error', onStreamError); | ||
| stream.pipe(checksumedStream); | ||
| return { error: null, stream: checksumedStream }; |
There was a problem hiding this comment.
The STREAMING-AWS4-HMAC-SHA256-PAYLOAD case creates a ChecksumTransform and pipes V4Transform into it, but if the request includes x-amz-trailer header (i.e. checksumAlgo.isTrailer === true), no one will ever call setExpectedChecksum() on the ChecksumTransform — unlike the TRAILER case which wires up the 'trailer' event. This means trailer-based checksums through the V4 signed chunked path would always fail with TrailerMissing.
Is STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER intentionally unsupported (it is in unsupportedSignatureChecksums)? If so, consider adding a guard here rejecting isTrailer === true for this case, to fail fast with a clear error rather than silently producing a TrailerMissing error after data is already stored and then cleaned up.
— Claude Code
| }; | ||
| } | ||
|
|
||
| const trailer = headers['x-amz-trailer']; |
There was a problem hiding this comment.
In getChecksumDataFromHeaders, when no checksum headers and no trailer are present, this defaults to crc64nvme. This means every PutObject request (even those not requesting checksum validation) will now compute a CRC64NVME hash of the entire body. This is an intentional design choice (always store a checksum in metadata), but it is a performance change — every put now pays the cost of CRC64NVME computation. Worth documenting this behavioral change.
— Claude Code
| if (!this.streamClosed && this.readingTrailer && this.trailerBuffer.length === 0) { | ||
| // Nothing came after "0\r\n", don't fail. | ||
| // If the x-amz-trailer header was present then the trailer is required and ChecksumTransform will fail. | ||
| return callback(); |
There was a problem hiding this comment.
The _flush method has three conditions that could be simplified. The second branch (readingTrailer && trailerBuffer.length !== 0) means data arrived after the 0\r\n marker but the trailer line never terminated with \r\n. This is correct behavior.
However, there is a subtle issue: when the stream ends with 0\r\n and nothing else (no trailer, no final \r\n), the first branch returns callback() (success). But readingTrailer is true and streamClosed is false. The comment says ChecksumTransform will fail if x-amz-trailer header was present — but if x-amz-trailer was NOT present, this silently succeeds with an incomplete chunked body. This seems intentional based on test testS3PutTrailerNoTrailerInBodyAndHeader, but is worth a comment clarifying this is by design.
— Claude Code
|
Summary of issues found:
Overall solid implementation with good error handling and test coverage. Review by Claude Code |
❌ 128 Tests Failed:
View the top 3 failed test(s) by shortest run time
To view more test analytics, go to the Test Analytics Dashboard |
nicolas2bert
deleted the
development/CLDSRV-872-store-checksum-in-object-metadata
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.